# Check your credit card



## Chasey_Lane

Made a purchase on Amazon yesterday and now I have about 15 fraud charges pending my credit card.  Check your online transactions!


----------



## glhs837

Straight Amazon, or a subvendor?


----------



## somdfunguy

Wouldn't matter if it was a subvendor. They don't see payment info. 

That being said I would be more worried about the device used to make the purchase than Amazon. Disconnect it and start looking to see if you have malware.


----------



## Chasey_Lane

somdfunguy said:


> That being said I would be more worried about the device used to make the purchase than Amazon. Disconnect it and start looking to see if you have malware.


Brand new, top of the line computer with a crap ton of safety guarding.  Unfortunately, that's no match for thugs on the internet.  

No worries -- I'll have a replacement card in a few days.


----------



## glhs837

Hmmm, wonder how that happened then. Fake Amazon site? Did you do any other shopping with that card in the last few days? Maybe Amazon wasn't the weak link?


----------



## vraiblonde

It may just be a coincidence and not have anything to do with Amazon at all, but you should check your credit card periodically anyway.


----------



## somdfunguy

Chasey_Lane said:


> Brand new, top of the line computer with a crap ton of safety guarding.  Unfortunately, that's no match for thugs on the internet.
> 
> No worries -- I'll have a replacement card in a few days.



Tell me about it, I battle them every day.


----------



## my-thyme

I placed an Amazon order few days ago. No problems.


----------



## Chasey_Lane

vraiblonde said:


> It may just be a coincidence and not have anything to do with Amazon at all, but you should check your credit card periodically anyway.


Considering it was the only purchase I've made in a while, yes it was Amazon.


----------



## Chasey_Lane

Props to Barclays.  They were on it immediately.


----------



## b23hqb

Wifey made an Amazon purchase on Tuesday - no problem. I check all my banking accounts at least once a day - only takes a few minutes.


----------



## MJ

I've had it happen via Amazon several times.  Both my personal and work cards.  I never use my debit card on Amazon anymore.


----------



## ginwoman

Thanks for the heads up. I order from Amazon a lot.
Why don't you use your debit card, MJ?
I have an ID protection called Identity Guard. It cost like $10 per month. I guess its worth it if it really catch anything.


----------



## LostNFound

ginwoman said:


> Thanks for the heads up. I order from Amazon a lot.
> Why don't you use your debit card, MJ?
> I have an ID protection called Identity Guard. It cost like $10 per month. I guess its worth it if it really catch anything.



Not worth it. All cards should be protected for free. My bank card with pnc is. However as a safer way to shop we only use credit cards and then move payment immediately. I dont want to wait 10 days for my stolen money to be put back, which is how long it took the last (and only)  time my account was hacked.


----------



## MJ

ginwoman said:


> Thanks for the heads up. I order from Amazon a lot.
> Why don't you use your debit card, MJ?
> I have an ID protection called Identity Guard. It cost like $10 per month. I guess its worth it if it really catch anything.



Because it ties up your cash flow until the charges are reversed and the bank usually wants to cancel your card and issue one with a new account number.


----------



## b23hqb

LostNFound said:


> Not worth it. All cards should be protected for free. My bank card with pnc is. However as a safer way to shop we only use credit cards and then move payment immediately. I dont want to wait 10 days for my stolen money to be put back, which is how long it took the last (and only)  time my account was hacked.



Credit is the way to go, for sure. Any reputable CC company will not hold the card owner liable for any charges as long as it is reported to them in a reasonable amount of time. Responsible people will know what a reasonable amount of time is.


----------



## ginwoman

LostNFound said:


> Not worth it. All cards should be protected for free. My bank card with pnc is. However as a safer way to shop we only use credit cards and then move payment immediately. I dont want to wait 10 days for my stolen money to be put back, which is how long it took the last (and only)  time my account was hacked.



I understand. Identity Guard monitors all my credit card accounts for strange activity and will notify me.  Or is a credit report is pulled they notify me. But most credit card companies will notify you if something weird is charged. Or you can put notification settings on your credit cards. I'll have to think about maybe cancelling this. $10 is $10 Would rather have it in my pocket if its not benefiting me.


----------



## Chasey_Lane

LostNFound said:


> Not worth it. All cards should be protected for free. My bank card with pnc is. However as a safer way to shop we only use credit cards and then move payment immediately. I dont want to wait 10 days for my stolen money to be put back, which is how long it took the last (and only)  time my account was hacked.



Yep!  I can monitor my credit and my activity FOR FREE!  You are allowed one free credit report from each agency per year.  Spread it out over a year and get one every few months.  No need to pay someone $10 to steal... I mean monitor your information.


----------



## Pete

Chasey_Lane said:


> Made a purchase on Amazon yesterday and now I have about 15 fraud charges pending my credit card.  Check your online transactions!



A month ago I got a fraud alert text from USAA asking me to call.  Seems my USAA MC was used in Mexico at a Walmart for $80.


----------



## DoWhat

Pete said:


> A month ago I got a fraud alert text from USAA asking me to call.  Seems my USAA MC was used in Mexico at a Walmart for $80.



New sombrero?


----------



## ArkRescue

I deal with Amazon regularly and if there was any fraud I didn't notice it.  I will make a bundled purchase, and it doesn't always show up in amounts you recognize on your CC statement.  I would have to be able to add up a couple items to match the charge or divide up the lump sum to the individual components to match them up.  Best I can tell, I'm good.  It'll get easier to monitor since I am not going to use the card much as I need to pay it down AGAIN.  Your credit score is negatively affected by having high balances on your CC's.  I need to get my credit score to go up so that means drop the CC balances by at least 1/2!


----------



## Pete

DoWhat said:


> New sombrero?


No idea.  I asked the fraud lady "If they were going to use my CC why not go big?  $80 at Walmart hardly seemed worth it."  She said that was a test run.  Typically they will do a few small purchases and if they work they come back with the BIG ones.  Takes them about 24 hours.


----------



## lovinmaryland

Pete said:


> No idea.  I asked the fraud lady "If they were going to use my CC why not go big?  $80 at Walmart hardly seemed worth it."  She said that was a test run.  Typically they will do a few small purchases and if they work they come back with the BIG ones.  Takes them about 24 hours.



That is what happened when they hacked my card.  Made like 3 or 4 smaller purchases (one is Paris, Ireland, England) then one large purchase.  BOFA returned the money 24 hours after I filed the fraud forms.


----------



## ArkRescue

lovinmaryland said:


> That is what happened when they hacked my card.  Made like 3 or 4 smaller purchases (one is Paris, Ireland, England) then one large purchase.  BOFA returned the money 24 hours after I filed the fraud forms.



currently I probably don't have to worry much because with my credit charged close to the limit, they'd get denied LOL


----------



## Pete

lovinmaryland said:


> That is what happened when they hacked my card.  Made like 3 or 4 smaller purchases (one is Paris, Ireland, England) then one large purchase.  BOFA returned the money 24 hours after I filed the fraud forms.



Both Barclays and USAA have robust fraud software.  Within 30 minutes of the purchase I had a text form USAA asking me to verify the purchase because it was suspicious.


----------



## Chasey_Lane

Here are all the fraudulent charges.  Some of them are funny like the Pizza Hut delivery.  

02/26/15		G NETWORKS	3.39
02/26/15		CABELAS INC.	5.00
02/26/15		PAYPAL	
02/26/15		Tattoo You By Big Tony	0.69
02/26/15		TRAVEL RESERVATION	
02/26/15		TRAVEL RES INDONESIA	32.65
02/26/15		WWW VISTAPRINT COM	
02/26/15		PAYPAL	
02/26/15		PAYPAL *GLOWTOUCHTE	3.23
02/26/15		1FACE WATCH	546.99
02/26/15		ETECH PARTS, LLC.	95.28
02/26/15		GOOGLE *MARKETPLACE	
02/26/15		STARDOLL USD	47.40
02/26/15		STORENVY.COM	
02/26/15		STORENVY*GETWITHIT	37.00
02/26/15		TINYPRINTS.COM	64.99
02/26/15		TINYPRINTS	64.99
02/26/15		FLIPKART.COM	17.01
02/26/15		PIZZA HUT DELIVERY	17.91
02/26/15		PAYMENTWALL 4153497560	8.00


----------



## Monello

DoWhat said:


> New sombrero?


Nope, tequila & dos XXXXs


----------



## lovinmaryland

Chasey_Lane said:


> Here are all the fraudulent charges.  Some of them are funny like the Pizza Hut delivery.
> 
> 02/26/15		G NETWORKS	3.39
> 02/26/15		CABELAS INC.	5.00
> 02/26/15		PAYPAL
> 02/26/15		Tattoo You By Big Tony	0.69
> 02/26/15		TRAVEL RESERVATION
> 02/26/15		TRAVEL RES INDONESIA	32.65
> 02/26/15		WWW VISTAPRINT COM
> 02/26/15		PAYPAL
> 02/26/15		PAYPAL *GLOWTOUCHTE	3.23
> 02/26/15		1FACE WATCH	546.99
> 02/26/15		ETECH PARTS, LLC.	95.28
> 02/26/15		GOOGLE *MARKETPLACE
> 02/26/15		STARDOLL USD	47.40
> 02/26/15		STORENVY.COM
> 02/26/15		STORENVY*GETWITHIT	37.00
> 02/26/15		TINYPRINTS.COM	64.99
> 02/26/15		TINYPRINTS	64.99
> 02/26/15		FLIPKART.COM	17.01
> 02/26/15		PIZZA HUT DELIVERY	17.91
> 02/26/15		PAYMENTWALL 4153497560	8.00



Wth did the get for .69 from big tony


----------



## lovinmaryland

ArkRescue said:


> currently I probably don't have to worry much because with my credit charged close to the limit, they'd get denied LOL


  yeah they didnt get much from my card either 


Pete said:


> Both Barclays and USAA have robust fraud software.  Within 30 minutes of the purchase I had a text form USAA asking me to verify the purchase because it was suspicious.



Nice!  I got a call when the big one went through not the little ones.


----------



## Chasey_Lane

My credit card has been stolen AGAIN!!!!


----------



## somdfunguy

somdfunguy said:


> Wouldn't matter if it was a subvendor. They don't see payment info.
> 
> That being said I would be more worried about the device used to make the purchase than Amazon. Disconnect it and start looking to see if you have malware.



This

software, top of the line, new means nothing if it there is a vulnerability. especially if it is a zero-day


----------



## Chasey_Lane

Going for round 3, only this time it is my debit card.  I have no idea how, but someone was able to duplicate my debit card and withdraw about $2000 from various ATMs in the Baltimore area in a span of 3 days.  

Has this happened to anyone before?


----------



## Monello

Chasey_Lane said:


> Going for round 3, only this time it is my debit card.  I have no idea how, but someone was able to duplicate my debit card and withdraw about $2000 from various ATMs in the Baltimore area in a span of 3 days.
> 
> Has this happened to anyone before?



They should have video from the transactions.  Time for fingerprint recognition software to be implemented.


----------



## Chasey_Lane

Monello said:


> They should have video from the transactions.  Time for fingerprint recognition software to be implemented.


Hopefully.  The ATMs were located at a 7-11, Walgreens, and CapitalOne.  I know I'll get the money back (in 10 days).  Not sure the thief(ves) will be caught, but that's okay as it's on their karma!


----------



## somdfunguy

Skimming is easy.  A tiny device is set to capture your card and a pinhole camera gets the pin. Always cover the entry of your pin with another hand. Also grab the card entry slot and pull and see if it comes out.

http://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/ is a high level overview.


----------



## kwillia

So now that credit cards are being reissued with "chips" in them... will this really kill the "skimming" and "duplication" fraud?


----------



## GWguy

kwillia said:


> So now that credit cards are being reissued with "chips" in them... will this really kill the "skimming" and "duplication" fraud?



That's the idea.  

My new debit card does not store the PIN on the card.  PINs are now changed/updated by phone or website making it tough to copy.


----------



## kwillia

GWguy said:


> That's the idea.
> 
> My new debit card does not store the PIN on the card.  PINs are now changed/updated by phone or website making it tough to copy.


Now we just have to wait for all businesses to switch to chip readers so that there is 100% enforcement of only allowing a purchase based on the chip when making a purchase in person. It won't help with online shopping though...


----------



## GURPS

Bank Card + Finger Print + facecam + ? to get cash out


----------



## GWguy

I'm going back to writing checks.  To  heck with the complainers on line behind me.


----------



## Chasey_Lane

somdfunguy said:


> Skimming is easy.  A tiny device is set to capture your card and a pinhole camera gets the pin. Always cover the entry of your pin with another hand. Also grab the card entry slot and pull and see if it comes out.
> 
> http://krebsonsecurity.com/2015/09/tracking-a-bluetooth-skimmer-gang-in-mexico/ is a high level overview.


I am just returning from visiting my local branch office.  They don't think this is a skimming issue, and she's never seen it happen locally in southern MD.  I guess that's a good thing.  I went to a concert 2 weekends ago and used my debit card and they think my card was swiped then.  She said it happens a lot and I'm pretty confident her story is right.

My new debit card will come with an encrypted chip and she said it will prevent this from happening in the future.  :crossingfingers:


----------



## DoWhat

chasey_lane said:


> i am just returning from visiting my local branch office.  They don't think this is a skimming issue, and she's never seen it happen locally in southern md.  I guess that's a good thing.  I went to a concert 2 weekends ago and used my debit card and they think my card was swiped then.  She said it happens a lot and i'm pretty confident her story is right.
> 
> My new debit card will come with an encrypted chip and she said it will prevent this from happening in the future.  :crossingfingers:



nfcu?


----------



## kwillia

Timely article!   http://wtop.com/consumer-tech/2015/09/column-understanding-chipped-credit-card-deadline/

Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?

A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to helping improve security for credit- and debit-card transactions, but it’s creating quite a bit of confusion.

The Oct. 1, 2015, deadline actually only affects physical retailers who conduct “card-present” transactions, not card holders.

The only thing that changes on Oct. 1 is that the liability for fraudulent transactions switches to the “least EMV-compliant party.”


----------



## GWguy

kwillia said:


> Timely article!   http://wtop.com/consumer-tech/2015/09/column-understanding-chipped-credit-card-deadline/
> 
> Q: What should I do if I don’t have a new chipped credit card by the Oct. 1 deadline?
> 
> A: The new EMV standard, which stands for “Europay, MasterCard, Visa,” is an important step to helping improve security for credit- and debit-card transactions, but it’s creating quite a bit of confusion.
> 
> The Oct. 1, 2015, deadline actually only affects physical retailers who conduct “card-present” transactions, not card holders.
> 
> *The only thing that changes on Oct. 1 is that the liability for fraudulent transactions switches to the “least EMV-compliant party.”*



So if you don't have the new card, the retailer has the new reader, and you get frauded, are you responsible or is the card issuer ?  Interesting.....


----------



## vraiblonde

Considering the number of people who use their credit/debit card both online and in the dirt world, very few people actually have their card compromised.  I think the studies say 18% of adults have had their credit card information stolen, which means that 82% have not.

I have to believe, given how freaking stupid people are, that much of that 18% are people who don't take reasonable precautions.  I do EVERYTHING online - like EVERYTHING - and I've had my card compromised I think twice in the last 20 years or so.  Knock wood.    So be cautious, but no need to freak out.


----------



## kwillia

GWguy said:


> So if you don't have the new card, the retailer does, and you get frauded, are you responsible or is the bank/lender/CU ?  Interesting.....


Here is my understanding... Credit card companies are on the hook to provide us with chipped replacement cards in time for us to activate them by October 1st. When I received mine a letter came with them that said our original cards would automatically be turned off soon so I needed to activate my new cards as soon as possible.  That makes me assume that if we don't get a replacement card it's on the issuer. If we get one we have to activate and start using it because our old one would become dead.


----------



## Chasey_Lane

DoWhat said:


> nfcu?


No.  PNC.


----------



## somdfunguy

Chipped cards in the US still have the mag stripe. Until that goes away and the readers are no longer used this problem exists. Many stores have the new readers but they are dual, you can swipe or insert the chip. We will get there but it is still a few years away.


----------



## Chasey_Lane

somdfunguy said:


> Chipped cards in the US still have the mag stripe. Until that goes away and the readers are no longer used this problem exists. Many stores have the new readers but they are dual, you can swipe or insert the chip. We will get there but it is still a few years away.



If you have a chip, apparently the swipe no longer works.  Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.


----------



## Tilted

Merchants need to move more quickly to install and bring on line NFC terminals so that they can accept payments using platforms such as Apple Pay and Google Wallet (though I haven't yet researched how the new Google Wallet works sufficiently to be sure that it's a good option from a security standpoint). Using those platforms can't eliminate all fraud or any chance that thieves will be able to steal your credit or debit card information. There will still be the potential for people to steal your information in other ways, to include when you don't use, e.g., Apple Pay because a particular vendor isn't set up to accept it. But they make the situation much better and make it all but impossible for a thief to skim your information or hack the merchants computers to get it (when you use the platform rather than the credit card itself).

The problem is merchants' interests and consumers' interests aren't completely aligned on this front. For consumers Apple Pay (and services that work the same way) is a win-win. It increases security and privacy, not to mention convenience. But from a merchant's standpoint, they don't want that privacy for the consumer - they want to be able to track purchases of particular users and make use of that data. Some of them also want, for various reasons (including to avoid the fees they are charged in connection with credit card transactions), to get their own collective mobile payments platform - CurrentC - into common use. It would be better for merchants but, in most regards, a poorer option for consumers. I don't think it will catch on to a great degree. As people understand how it works as compared to how things like Apple Pay work, they'll understand that the latter are more in their own interests and prefer those options. But as it is many merchants are still holding out hope of being able to make CurrentC a popular payment option. So they're dragging their feet on getting set-up (or just choosing to) allow NFC-initiated payments from the likes of Apple Pay and Google Wallet. Consumers need to put more pressure on more of them to do that sooner.


----------



## somdfunguy

Chasey_Lane said:


> If you have a chip, apparently the swipe no longer works.  Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.



It is not true though. My cards all have the chip and both ways work at merchants that can do both.


----------



## vraiblonde

Chasey_Lane said:


> If you have a chip, apparently the swipe no longer works.  Instead, you HAVE to insert your card -- the machine reads the data (in a way that scrambles it) -- and you are protected against fraud activity.



The swipe still works on swipe only machines, just not on ones that also have the chip.

But it's only a matter of time before some nefarious genius figures out how to steal a chipped card, so.....  :shrug:


----------



## kwillia

vraiblonde said:


> The swipe still works on swipe only machines, just not on ones that also have the chip.
> 
> But it's only a matter of time before some nefarious genius figures out how to steal a chipped card, so.....  :shrug:


Exactly... it's explained in the link I posted that cards have both because not all merchants have switched to the new technology yet. What becomes effective October 1st is that a merchant that hasn't switched assumes responsibility of all false transactions that occur on their dinosaur swipers from that point on.


----------



## Tilted

kwillia said:


> Exactly... it's explained in the link I posted that cards have both because not all merchants have switched to the new technology yet. What becomes effective October 1st is that a merchant that hasn't switched assumes responsibility of all false transactions that occur on their dinosaur swipers from that point on.



Just to be clear: Gas pump readers, which are among the most vulnerable, have a couple more years to comply because the cost of changing all of them will be pretty high.


----------



## Chasey_Lane

I filed a police report, and the officer said this is the 11th incident in the last month or so, same exact circumstance and all ATM withdraws in Baltimore.  So beware local peeps!


----------



## vraiblonde

Chasey_Lane said:


> I filed a police report, and the officer said this is the 11th incident in the last month or so, same exact circumstance and all ATM withdraws in Baltimore.  So beware local peeps!



Same ATM locations, too?  If so, that means the ATM is compromised and they need to take care of that.


----------



## Chasey_Lane

vraiblonde said:


> Same ATM locations, too?  If so, that means the ATM is compromised and they need to take care of that.



I don't know what ATM locations the crooks are dispensing money from, only that they are all happening in Baltimore.


----------



## Warron

I had a case with capital one a few months ago where someone else's name was added as a card holder to my account and a card was mailed to them in Florida.  Interesting enough, a couple days before it happened, I got a card in the mail from capital one for the former owner of my house (7 years ago).  He now lives in Florida.  I put it back in the mail as incorrect address.  

For some reason I feel that it was a screw up by capital one rather than a criminal stealing my info.  It just seemed too much of a coincidence that in the same week I got mailed a card for someone who lives in Florida, and someone in Florida got mailed my card.  (I was never provided the name of the person my card was sent to so I can't know for sure it was the same person).  

In the end, I got a new card and changed my online account password.  I don't know what else I can do about it.  The only charge was an expedited mailing fee which capital one removed after a bit of complaining (I had to talk to 3 different people to get it removed).


----------



## Chasey_Lane

Final determination:  skimmer found at the CPFCU location on Maple & 235.  Confirmed by St Mary's County Sheriff's Office.  

The skimmer was on the ATM for about a 24-hour period on 09/12.


----------



## GWguy

Chasey_Lane said:


> Final determination:  skimmer found at the CPFCU location on Maple & 235.  Confirmed by St Mary's County Sheriff's Office.
> 
> The skimmer was on the ATM for about a 24-hour period on 09/12.



Wow.  That's one of the last places I'd expect one.


----------



## Chasey_Lane

GWguy said:


> Wow.  That's one of the last places I'd expect one.



I NEVER use the ATMs at CPFCU either.  It just so happened that I was on my way to DC and the girl I was traveling with has a CPFCU account and we both needed money.  I have free ATM withdraws with PNC, so I used the CPFCU ATM rather than stopping twice.  CPFCU picked up the fraud immediately and blocked accounts of their account holders that were compromised.  

There are approximately 60 people who have been hit by this.


----------



## somdfunguy

Chasey_Lane said:


> Final determination:  skimmer found at the CPFCU location on Maple & 235.  Confirmed by St Mary's County Sheriff's Office.
> 
> The skimmer was on the ATM for about a 24-hour period on 09/12.


----------



## KDENISE977

Never had (knock on wood) cc or debit card issues with skimming/fraud etc.  I DID however have our Verizon wireless account hacked last week.  both my husband and I got texts from VZ wireless at the same time last week.  One to say our address had been updated and one to say the account password and user name had changed.  Called VZ wireless...someone somehow hacked my account and changed my address to CA in the hopes of ordering  a bunch of iPhones.  Crazy thing is the girl in customer service was ready to hang up and I said "hey, can you tell me what address you have for us?" and she rattled off something in CA and I was like "yeah...you have a problem" and that's how we found out?  :shrug:


----------



## somdfunguy

It is so important to use random passwords as well as different passwords for each site you visit. Also utilize LastPass, 1Password, or a similar password utility to remember your passwords for you. Create a very long and very strong master password that you change at least yearly. This allows you to have random passwords easily. Even better is to randomize your user name. No reason to use the same name everywhere.


----------



## Hodr

glhs837 said:


> Maybe Amazon wasn't the weak link?



Bingo.  If there was a way of exploiting Amazon's automated payment system (there are no humans involved) then it would be big news.  Heck, I would be more tempted to believe a relative pulled the card out of your purse and copied the info than Amazon was at fault.

The #1 online retailer in the world, even whispers of an issue would be plastered on the front of every news site.


----------



## somdfunguy

Hodr said:


> Bingo.  If there was a way of exploiting Amazon's automated payment system (there are no humans involved) then it would be big news.  Heck, I would be more tempted to believe a relative pulled the card out of your purse and copied the info than Amazon was at fault.
> 
> The #1 online retailer in the world, even whispers of an issue would be plastered on the front of every news site.



exactly


----------



## Hodr

vraiblonde said:


> Considering the number of people who use their credit/debit card both online and in the dirt world, very few people actually have their card compromised.  I think the studies say 18% of adults have had their credit card information stolen, which means that 82% have not.
> 
> I have to believe, given how freaking stupid people are, that much of that 18% are people who don't take reasonable precautions.  I do EVERYTHING online - like EVERYTHING - and I've had my card compromised I think twice in the last 20 years or so.  Knock wood.    So be cautious, but no need to freak out.



I think you are right and it has more to do with the user computer than the website.  I make several online purchases a day, and have done so for at least twenty years, and have never had a credit card issue that could be traced back to an online purchase.

Gas station in BF Idaho, Wal-Mart in Florida, hotel restaurant in Florida, and currency exchange booth in London.  The common thread in every one of those compromises was an actual person other than myself handling the card.


----------



## Hodr

Tilted said:


> Merchants need to move more quickly to install and bring on line NFC terminals so that they can accept payments using platforms such as Apple Pay and Google Wallet (though I haven't yet researched how the new Google Wallet works sufficiently to be sure that it's a good option from a security standpoint).



FYSA, Google Wallet is on the way out.  Android Pay is their new payment service for NFC transactions.


----------



## glhs837

Chasey_Lane said:


> Final determination:  skimmer found at the CPFCU location on Maple & 235.  Confirmed by St Mary's County Sheriff's Office.
> 
> The skimmer was on the ATM for about a 24-hour period on 09/12.



Hope they promulgate that with pics.


----------



## Tilted

Hodr said:


> FYSA, Google Wallet is on the way out.  Android Pay is their new payment service for NFC transactions.



Thanks. That's what I was referring to but wasn't remembering (or hadn't realized) that the new service was called Android Pay. So I referred to it as the new Google Wallet. I've been familiar with how Google Wallet worked, I just haven't made time to make sure I understood how Android Pay works so that I could assess whether it was better from a customer security and privacy standpoint.


----------



## GURPS

vraiblonde said:


> Same ATM locations, too?  If so, that means the ATM is compromised and they need to take care of that.




some yrs ago when the 'new' Orioles Stadium opened

 ... it was rumored some enterprising criminals put in a 'fake ATM' and for weeks collected mag stripe info and PIN Numbers 
people would swipe their card, input the pin code, then get an error trying to withdraw, so the person would go to the next ATM Machine ... 
... then picked up the fake atm


http://archive.wired.com/wired/archive/1.05/atm.html


----------



## glhs837

Can't speak to Orioles stadium, but that exploit was a real thing that happened, was a small mall somewhere, CT maybe. Ah, nailed it.....

http://archive.wired.com/wired/archive/1.05/atm.html

1993, sat in the mall for 16 days. they got 150K out of it before being popped. Ironically enough, for not paying for the card inscriber machine and the ATM dealer they stiffed


----------



## Chasey_Lane

If anyone recognizes these douche bags, let SMCSO know. 

https://www.facebook.com/firstsheriff?fref=photo


----------



## DoWhat

Chasey_Lane said:


> If anyone recognizes these douche bags, let SMCSO know.
> 
> https://www.facebook.com/firstsheriff?fref=photo



Do you recall anything different when you used the ATM machine?


----------



## Chasey_Lane

DoWhat said:


> Do you recall anything different when you used the ATM machine?



Nope, not at all.  I even had a conversation with the detective handling this about it.  She said she probably wouldn't have noticed either.  

The reason the thieves were able to get so much money from my account is that I used my PNC account, not my CPFCU account.  Therefore, CPFCU had no way to get in contact with me.  Those that had CPFCU cards that were compromised were triggered right away and the account shut down.  When all of this was happening I was in San Diego.  You would THINK that my bank would notice simultaneous transactions on two different coasts and it would be cause for warning, but apparently not.


----------



## vraiblonde

Chasey_Lane said:


> Final determination:  skimmer found at the CPFCU location on Maple & 235.  Confirmed by St Mary's County Sheriff's Office.
> 
> The skimmer was on the ATM for about a 24-hour period on 09/12.



Wow!  

But that had nothing to do with your theft, right?

(Never mind, I just saw your next post.)


----------



## Hodr

FYI, PNC (and most other banks) will allow you to set custom alerts. I have alerts for credit card transactions online and at gas stations, for ATM withdrawals, and for any transaction over $100 (or that pushes the total over $100 in a day) or any overseas transaction.

And they come quick.  I get the e-mail (choice of e-mail or text) of a gas station authorization while I am still filling up.


----------



## glhs837

http://gizmodo.com/the-gizmodo-guide-to-the-new-emv-chip-credit-card-payme-1734011799

A good primer on the new chip cards and how they work. Basically, it's very similar to the security method used by both Apple Pay and Android Pay (that was Google Wallet, and that swallowed the Verizon/ATT/Sprint Isis/Softcard system whole) in that each transaction is processed using what's essentially a one time pad, meaning at no time does your main account information enter the vendors system. they get a number good for that one transaction that will never work again. your card issuer knows what account is linked to that number, but the person you gave the card too does not.


----------



## Hodr

glhs837 said:


> http://gizmodo.com/the-gizmodo-guide-to-the-new-emv-chip-credit-card-payme-1734011799
> 
> A good primer on the new chip cards and how they work. Basically, it's very similar to the security method used by both Apple Pay and Android Pay (that was Google Wallet, and that swallowed the Verizon/ATT/Sprint Isis/Softcard system whole) in that each transaction is processed using what's essentially a one time pad, meaning at no time does your main account information enter the vendors system. they get a number good for that one transaction that will never work again. your card issuer knows what account is linked to that number, but the person you gave the card too does not.



I don't think many people have an issue with the security of the chip, though chip and pin is somewhat better than chip and signature from a verification of card ownership standpoint.

The problem remains the strip.


----------



## DoWhat

Just got a call from Credit Card fraud people.
I got hacked today.
6 charges from NY.
First charge starts out at $5.00 to make sure it's good, then BAM off they go with their spending spree.

Why can't they catch these people?
Cameras everywhere.


----------



## DoWhat

DoWhat said:


> Just got a call from Credit Card fraud people.
> I got hacked today.
> 6 charges from NY.
> First charge starts out at $5.00 to make sure it's good, then BAM off they go with their spending spree.
> 
> Why can't they catch these people?
> Cameras everywhere.



But on a good note.
My new tires purchase from tire rack went through.


----------



## Chasey_Lane

DoWhat said:


> Just got a call from Credit Card fraud people.
> I got hacked today.
> 6 charges from NY.
> First charge starts out at $5.00 to make sure it's good, then BAM off they go with their spending spree.
> 
> Why can't they catch these people?
> Cameras everywhere.


I've been hacked 3 times this year (January, March and September).  Never in my life has this happened before and suddenly I'm a target. 

Oh well!  It is nice that in this day, we can get our money back quickly.  

And many times there is no single person; it is a "ring" of people committing the crime(s), which makes finding them difficult.


----------



## DoWhat

Chasey_Lane said:


> I've been hacked 3 times this year (January, March and September).  Never in my life has this happened before and suddenly I'm a target.
> 
> Oh well!  It is nice that in this day, we can get our money back quickly.
> 
> And many times there is no single person; it is a "ring" of people committing the crime(s), which makes finding them difficult.


The Bank is sending new cards w/ the chip.
Did you get hacked with a chip card?


----------



## Chasey_Lane

DoWhat said:


> Did you get hacked with a chip card?


No, they were all non-chip cards.  Since then my debit and credit cards have both been replaced with chips, but I am finding that the majority of stores I shop at (excluding Target), do not have the proper hardware for the chip technology.


----------



## frequentflier

The credit card companies and banks have effectively put the burden on the retailer. The chip readers are expensive and somewhat hard to get. In addition to a chip reader, all software must be updated. To update one register in my store plus update five computer systems it will cost about $1600. 
The down side to the retailer not having this chip reader is that we are now responsible if we take a stolen credit card.


----------



## GWguy

DoWhat said:


> The Bank is sending new cards w/ the chip.
> Did you get hacked with a chip card?





Chasey_Lane said:


> No, they were all non-chip cards.  Since then my debit and credit cards have both been replaced with chips, but I am finding that the majority of stores I shop at (excluding Target), do not have the proper hardware for the chip technology.



It's my understanding that the chip will do nothing for purchases not made in person at a register, so getting hacked is still a possibility.  The chip just generates a one-time authorization code to be used with your PIN when making a register purchase.



> Is the new credit card system safer? Not really.
> 
> It'll be harder for thieves to create fake physical copies of your card, like they do today. *But they can still just type in the stolen credit card number online.*



http://money.cnn.com/2015/03/25/technology/credit-card-chips-hackers/


----------



## GWguy

And then there is this:

http://www.wired.com/2014/11/chip-n-pin-foreign-currency-vulnerability/



> Because the cards allow for contactless transactions, wherein consumers need only have the card in the vicinity of a reader without swiping it, a thief carrying a card reader designed to read a card that’s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.
> 
> Since the transaction is done offline without going through a retailer’s point-of-sale system, no other security checks are done.
> 
> “With just a mobile phone we created a POS terminal that could read a card through a wallet,” Martin Emms, lead researcher of the project that uncovered the flaw, noted in a statement about the findings. “All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction.”
> 
> In tests the researchers conducted, transactions took less than a second to be approved.


----------



## frequentflier

Thank you for sharing, GWguy.


----------



## somdfunguy

GWguy said:


> And then there is this:
> 
> http://www.wired.com/2014/11/chip-n-pin-foreign-currency-vulnerability/



I'm glad I don't have any contactless cards. I don't see the point.


----------



## GWguy

somdfunguy said:


> Chipped cards in the US still have the mag stripe. Until that goes away and the readers are no longer used this problem exists. Many stores have the new readers but they are dual, you can swipe or insert the chip. We will get there but it is still a few years away.



Bingo.  The new fraud is to re-write the mag strip and make the card think it no longer has a chip.

http://money.cnn.com/2016/08/03/tec...oneybin080316credit-card-chips-flaw0900vodtop



> Computer researchers claim to have found yet another flaw in the upgrade to the chip-based credit cards in the United States.
> 
> The chip on these credit cards have been praised for making them nearly impossible to counterfeit. While the cards also contain a magnetic strip, that strip is supposed to tell the payment machine to use the chip.
> 
> But there's a relatively easy way to knock down that safeguard.
> 
> Computer security researchers at the payment technology company NCR demonstrated how credit card thieves can rewrite the magnetic stripe code to make it appear like a chipless card again. This allows them to keep counterfeiting -- just like they did before the nationwide switch to chip cards.


----------



## vraiblonde

We travel full time and therefore are very security conscious.  However, I got annoyed when my credit card was declined at the Buckee's in Temple because my credit card company didn't trace my trajectory.  My fault, I didn't have my phone on me.  If I had, I'd have gotten the text they sent me saying they flagged my purchase and if I really was in the Buckee's in Temple, TX I should respond with at Y and try my purchase again.

So on one hand, security is irritating; but on the other hand I appreciate it.  Except when it's inconvenient for me, which the credit card company has no way of knowing

Anyway, I keep a big balance in my checking so I can use debit if my hug-you credit card company needs to give me the Bornemeier death grip.


----------



## RoseRed

vraiblonde said:


> We travel full time and therefore are very security conscious.  However, I got annoyed when my credit card was declined at the Buckee's in Temple because my credit card company didn't trace my trajectory.  My fault, I didn't have my phone on me.  If I had, I'd have gotten the text they sent me saying they flagged my purchase and if I really was in the Buckee's in Temple, TX I should respond with at Y and try my purchase again.
> 
> So on one hand, security is irritating; but on the other hand I appreciate it.  Except when it's inconvenient for me, which the credit card company has no way of knowing
> 
> Anyway, I keep a big balance in my checking so I can use debit if my hug-you credit card company needs to bundle me.



A couple of years ago, Bug and I were in California (I know, big surprise there!) but after I had rented a car at SJO and made a couple of small purchases, I did get a text from NFCU to find out if the $200 purchase I made in Santa Cruz was viable.  Yes, it was.  But I did appreciate it.


----------



## somdfunguy

vraiblonde said:


> Anyway, I keep a big balance in my checking so I can use debit if my hug-you credit card company needs to give me the Bornemeier death grip.



If your debit card ever gets compromised it will take a week or two to get that balance back. Credit cards are always the best option for purchases.


----------



## vraiblonde

somdfunguy said:


> If your debit card ever gets compromised it will take a week or two to get that balance back. Credit cards are always the best option for purchases.



It's not big enough that I can't live without it for a couple weeks.  It's just enough cushion in case my credit card company decides to protect me at an inopportune moment.


----------



## glhs837

Navy Federal has always been great on this. Shut me down a few months back, I was able to go get a new card the next day at the local branch. A couple years back, they Fedexed me a new card at the hotel I was at.


----------

